iTerm2 which is a popular replacement terminal app for OSX leaks everything you hover your mouse over via DNS requests. Why you may ask? Well in an attempt to be a “better app” iTerm2 will take any string you place your mouse cursor over and will do a DNS lookup on the text string. While sounding like a great idea this passes ANYTHING you Hover over to DNS. This includes anything that a user may have on screen such as usernames, passwords, and other sensitive information. All going to DNS servers as a request and typically unencrypted.

This behavior is a huge privacy issue as many users have no idea that they are opening themselves to yet another vulnerability that is super simple to intercept.

So for users of iTerm2 it is advised you upgrade asap to the latest version that just released today that turns this feature off which was set to on by default.